
Cybercrime and the criminals behind malware are getting more and more organized. They can afford to hire professionals, and it is becoming a business for many people.


Karel Obluk, chief technology officer, Grisoft

Whether the openings came from user ignorance or poor judgment, a software maker's error or misconfiguration, the profiteers of the Internet had a banner year turning the security mistakes of others into money.

Signs of the trend are obvious. The number of phishing sites used by online fraudsters jumped more than eight-fold year over year, according to the Antiphishing Working Group. The number of denial-of-service attacks doubled between January and June, according to Symantec, the owner of SecurityFocus. And, mail service provider MessageLabs intercepted, on average, one targeted Trojan horse attack every day in 2006, up from one a week in 2005.

If there is a lesson in 2006, it's that cybercrime is a booming business.

"Cybercrime and the criminals behind malware are getting more and more organized," Karel Obluk, chief technology officer for antivirus firm Grisoft, told SecurityFocus. "They can afford to hire professionals, and it is becoming a business for many people."

The trend is quickly making the defacto term for such code--malicious software or malware--a misnomer. The virus writers and spyware coders are not creating the code for malicious reasons but to make money illegally, making the term coined by antivirus firms--crimeware--more appropriate.

For example, spammers are using bot nets--large numbers of compromised computers controlled by a single person--to help them send a greater volume of messages. The development has increased the global volume of spam by at least a third in the last six months, according to Symantec, though other firms put the increase as high as 450 percent.

When one firm, Blue Security, claimed to have impacted the operations of major spammers, one bulk e-mailer decided to take on the Israeli company. A sustained denial-of-service attack took down the company's Web site, domain registrar and blog site. The company eventually capitulated and closed its doors.

"This is their primary form of employment now--it's a 9-to-5 job," Oliver Friedrichs, senior director for Symantec Security Response, said in a recent interview. "They are not doing it on weekends, and they are not doing it during the summer months."

Other cybercriminals are taking a more personal approach: Hijacking people's stock accounts and using the access to drive up the price of certain thinly-traded penny stocks has also become popular. Details of one scheme appeared in the court papers filed by the U.S. Securities and Exchange Commission (SEC) in support of a civil action against one apparent stock scammers. A Russian national allegedly used a company registered in Belize and based in Estonia to execute trades in stock whose prices had been manipulated by compromised accounts.

Such attacks are not isolated incidents. Account intrusion has resulted in $22 million in losses in the third quarter alone for two U.S. financial firms. TD Ameritrade posted $4 million in losses in their third quarter to account for replacing the funds customers lost due to account hijacking. E*Trade Financial reported that online identity theft by hackers cost them $18 million in the same period.

Identity theft, of course, continued to be a major worry in 2006. Because of data breach disclosure laws that have passed in the majority of states, companies, government agencies and schools regularly released details of significant data leaks.

In May, the Department of Veterans Affairs revealed that the names, social security numbers and birth dates of nearly 26.5 million veterans had been stored on a laptop and external hard drive that were stolen from an employee's home. The laptop and hard drive were later recovered, but the incident resulted in the federal government tightening data handling and laptop security rules.